<?php
require dirname(__FILE__) . '/../lib/init.php';
$_POST = addslashes_deep($_POST);
$uid = $_SESSION["USERID"];
$userdo = $_POST["useraction"];
$crumb_code = $_POST["crumb_code"];
$table = "kt_user";
$curdate = date("Y-m-d H:i:s");
global $db;
if ($userdo == "USERADD") {
    if (Crumb::verifyCrumb($uid, $crumb_code, $userdo)) {
        $user_name = $_POST["user_name"];
        $user_pass = $_POST["user_pass"];
        $user_role = $_POST["user_role"];
        $user_salt = uuid();
        $data = array('user_name' => $user_name , 'user_pwd' => generate_password($user_pass) , 'user_role' => $user_role , 'user_salt' => $user_salt , 'createtime' => $curdate);
        echo $db->insert($table, $data);
    }
} else 
    if ($userdo == "USEREDIT") {
        if (Crumb::verifyCrumb($uid, $crumb_code, $userdo)) {
            $oid = $_POST["oid"];
            $user_name = $_POST["user_name"];
            $user_pass = $_POST["user_pass"];
            $user_role = $_POST["user_role"];
            $data["user_name"] = $user_name;
            if (trim($user_pass) != "") {
                $data["user_pwd"] = generate_password($user_pass);
            }
            $data["user_role"] = $user_role;
            $data["createtime"] = $curdate;
            echo $db->update($table, $data, $oid);
        }
    } else 
        if ($userdo == "USERDEL") {
            if (Crumb::verifyCrumb($uid, $crumb_code, $userdo)) {
                $oid = $_POST["oid"];
                $oid = array_map("intval", $oid);
                $where = 'oid IN (' . join(', ', $oid) . ')';
                echo $db->delete($table, $where);
            }
        }

 